Clean up variable organization (wip), better backup/node_exporter for mii, aya01, pi

Signed-off-by: TuDatTr <tuan-dat.tran@tudattr.dev>

README.md

@@ -7,6 +7,14 @@ Don't forget to set a password for the new user with `passwd tudattr`
 ## Backups
 Backup for aya01 and raspberry are in a backblaze b2, which gets encrypted on the clientside by rclone.
 but first of all we need to create the buckets and provide ansible with the needed information.
+
+When creating your own rclone config the `password` and `password2` entries have to be passed though `rclone obscure` like this:
+
+``` sh
+echo "$PASSWORD" | rclone obscure -
+```
+
+`
 ## Vault
 - Create vault with: `ansible-vault create secrets.yml`
 - Create entry in vault with: `ansible-vault edit secrets.yml`

group_vars/all/vars.yml

@@ -87,6 +87,12 @@ mysql_user: user
 aya01_host: "aya01"
 aya01_ip: "192.168.20.12"
 
+#
+# mii
+#
+mii_host: "mii"
+mii_ip: "192.168.200.2"
+
 #
 # ZoneMinder
 #
@@ -180,13 +186,14 @@ pihole_dnsmasq: "{{ docker_dir }}/pihole/etc-dnsmasq.d/"
 #
 
 # Directories that will be backupped to backblaze
-backblaze_paths:
-  aya01:
-    - "{{ docker_compose_dir }}"
-    - "{{ docker_dir }}"
-  pi:
-    - "{{ docker_compose_dir }}"
-    - "{{ docker_dir }}"
+# MOVED TO HOSTVARS
+# backblaze_paths:
+#   aya01:
+#     - "{{ docker_compose_dir }}"
+#     - "{{ docker_dir }}"
+#   pi:
+#     - "{{ docker_compose_dir }}"
+#     - "{{ docker_dir }}"
 
 #
 # samba

host_vars/aya01.yml

@@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.12
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_aya01_tudattr_password }}'
+ansible_become_pass: '{{ vault.aya01.sudo }}'
+
+host:
+  ip: "{{ ansible_host }}"
+  backblaze:
+    account: "{{ vault.aya01.backblaze.account }}"
+    key: "{{ vault.aya01.backblaze.key }}"
+    remote: "remote:aya01-tudattr-dev"
+    password: "{{ vault.aya01.rclone.password }}"
+    password2: "{{ vault.aya01.rclone.password2 }}"
+    paths:
+      - "{{ docker_compose_dir }}"
+      - "{{ docker_dir }}"

host_vars/mii.yml

@@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
 ansible_host: 202.61.207.139
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_mii_tudattr_password }}'
+ansible_become_pass: '{{ vault.mii.sudo }}'
+
+host:
+  ip: "192.168.200.2"
+  backblaze:
+    account: "{{ vault.mii.backblaze.account }}"
+    key: "{{ vault.mii.backblaze.key }}"
+    remote: "remote:mii-tudattr-dev"
+    password: "{{ vault.mii.rclone.password }}"
+    password2: "{{ vault.mii.rclone.password2 }}"
+    paths:
+      - "{{ docker_compose_dir }}"
+      - "{{ docker_dir }}"

host_vars/pi.yml

@@ -2,4 +2,16 @@ ansible_user: "{{ user }}"
 ansible_host: 192.168.20.11
 ansible_port: 22
 ansible_ssh_private_key_file: '{{ pk_path }}'
-ansible_become_pass: '{{ vault_pi_tudattr_password }}'
+ansible_become_pass: '{{ vault.pi.sudo }}'
+
+host:
+  ip: "{{ ansible_host }}"
+  backblaze:
+    account: "{{ vault.pi.backblaze.account }}"
+    key: "{{ vault.pi.backblaze.key }}"
+    remote: "remote:pi-tudattr-dev"
+    password: "{{ vault.pi.rclone.password }}"
+    password2: "{{ vault.pi.rclone.password2 }}"
+    paths:
+      - "{{ docker_compose_dir }}"
+      - "{{ docker_dir }}"

host_vars/vagrant.yml

@@ -2,3 +2,5 @@ ansible_user: vagrant
 ansible_host: 127.0.0.1
 ansible_port: 2222
 ansible_ssh_private_key_file: .vagrant/machines/vagrant/virtualbox/private_key
+
+ost_ip: "{{ ansible_host }}"

mii.yml

@@ -6,6 +6,12 @@
     - role: common
       tags:
         - common
+    - role: backblaze
+      tags:
+        - backblaze
+    - role: node_exporter
+      tags:
+        - node_exporter
     - role: docker
       tags:
         - docker

pi.yml

@@ -8,8 +8,10 @@
         - common
     - role: backblaze
       tags:
-        - backup
+        - backblaze
+    - role: node_exporter
+      tags:
+        - node_exporter
     - role: docker
       tags:
         - docker
-    

roles/backblaze/tasks/backup.yml

@@ -1,17 +1,18 @@
 ---
 - name: Shut down docker
-  shell:
-    cmd: "docker compose down --remove-orphans"
-    chdir: "{{ docker_compose_dir }}"
+  systemd:
+    name: docker
+    state: stopped
+  become: true
 
 - name: Backing up for "{{ inventory_hostname }}"
   shell:
-    cmd: "rclone sync {{ item.1 }} secret:{{ item.1 }}"
-  when: item.0.key == inventory_hostname
-  loop: "{{ backblaze_paths | dict2items | subelements('value') }}"
+    cmd: "rclone sync {{ item }} secret:{{ item }} --transfers 16"
+  loop: "{{ host.backblaze.paths }}"
   become: true
 
 - name: Restart docker
-  shell:
-    cmd: "docker compose up -d"
-    chdir: "{{ docker_compose_dir }}"
+  systemd:
+    name: docker
+    state: started
+  become: true

roles/backblaze/tasks/config.yml

@@ -1,5 +1,5 @@
 ---
-- name: Create rclone config folder at "{{ rclone_config }}"
+- name: Create rclone config folder
   file:
     path: "{{ rclone_config }}"
     owner: '0'
@@ -8,9 +8,9 @@
     state: directory
   become: true
 
-- name: Copy "templates/{{ inventory_hostname }}/rclone.conf" config to "{{ inventory_hostname }}":"{{ rclone_config }}/rclone.conf"
+- name: Copy "rclone.conf"
   template:
-    src: "templates/{{ inventory_hostname }}/rclone.conf"
+    src: "rclone.conf.j2"
     dest: "{{ rclone_config }}/rclone.conf"
     owner: '0'
     group: '0'

roles/backblaze/tasks/main.yml

@@ -3,5 +3,3 @@
 - include_tasks: install.yml
 - include_tasks: config.yml
 - include_tasks: backup.yml
-  tags:
-    - backup

roles/backblaze/templates/aya01/rclone.conf

@@ -1,10 +0,0 @@
-[remote]
-type = b2
-account = {{ vault_backblaze_aya01_account }}
-key = {{ vault_backblaze_aya01_key }}
-
-[secret]
-type = crypt
-remote = remote:aya01-tudattr-dev
-password = {{ vault_rclone_aya01_password }}
-password2 = {{ vault_rclone_aya01_password2 }}

roles/backblaze/templates/pi/rclone.conf

@@ -1,10 +0,0 @@
-[remote]
-type = b2
-account = {{ vault_backblaze_pi_account }}
-key = {{ vault_backblaze_pi_key }}
-
-[secret]
-type = crypt
-remote = remote:pi-tudattr-dev
-password = {{ vault_rclone_pi_password }}
-password2 = {{ vault_rclone_pi_password2 }}

roles/backblaze/templates/rclone.conf.j2

@@ -0,0 +1,10 @@
+[remote]
+type = b2
+account = {{ host.backblaze.account }}
+key = {{ host.backblaze.key }}
+
+[secret]
+type = crypt
+remote = {{ host.backblaze.remote }}
+password = {{ host.backblaze.password }}
+password2 = {{ host.backblaze.password2 }}

roles/docker/templates/aya01/prometheus/prometheus.yml.j2

@@ -16,13 +16,15 @@ rule_files:
   # - "second_rules.yml"
 
 scrape_configs:
-  - job_name: 'node'
+  - job_name: 'aya01'
     scrape_interval: 10s
     scrape_timeout: 10s
     tls_config:
       insecure_skip_verify: true
     static_configs:
     - targets: ['{{ aya01_ip }}:{{node_exporter_port}}']
+    - targets: ['{{ mii_ip }}:{{node_exporter_port}}']
+    - targets: ['{{ pi_ip }}:{{node_exporter_port}}']
   - job_name: Mikrotik
     static_configs:
       - targets:

roles/node_exporter/templates/node_exporter.service.j2

@@ -4,7 +4,7 @@ Description=NodeExporter
 [Service]
 TimeoutStartSec=0
 User=node_exporter
-ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ aya01_ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
+ExecStart={{ node_exporter_bin_path }} --web.listen-address={{ host.ip }}:{{ node_exporter_port }} {{ node_exporter_options }}
 
 [Install]
 WantedBy=multi-user.target